Alliance Compliance Plan­

PURPOSE

The Central California Alliance for Health’s (the Alliance’s) Compliance Program ensures that the organization and its staff operate in compliance with contractual, regulatory and statutory requirements. Through its Compliance Program, the Alliance maintains its business operations to ensure alignment with these requirements. The Alliance exercises due diligence to prevent and detect criminal conduct, and when necessary, takes corrective action to ensure that its business operations are compliant with governing requirements. The Alliance promotes an organizational culture that encourages ethical conduct and a commitment to compliance with the law. The Alliance takes appropriate steps to ensure that its staff members are knowledgeable of requirements and that they consistently work towards meeting them. To maintain its independence, the Alliance’s Compliance Program acts independently of operational and program areas without fear of repercussions for identifying non-compliance.

Following is a description of how the Alliance aligns with the Effective Compliance and Ethics Program guidance published by the United States Sentencing Commission.

WRITTEN POLICIES, PROCEDURES, AND STANDARDS OF CONDUCT

Policies and procedures ensure that Board members, employees, and contractors, including Network Providers, Subcontractors and Downstream Subcontractors, understand and perform their responsibilities in compliance with regulatory and contractual obligations and applicable law. The Alliance maintains policies and procedures that demonstrate compliance with relevant requirements and updates are made as needed to reflect alignment with changing operations and requirements. Compliance Department staff regularly reviews proposed changes to policies and procedures and responds to needs identified through program monitoring. Policies and procedures are developed within the applicable departments, are reviewed and approved through the Policy intake process. Compliance staff leverage compliance’s management software to ensure that all Alliance policies are reviewed and/or revised at least annually. Policies and Procedures are  available to all staff through the Alliance’s Policy Library located on its Intranet. .

The Compliance Department maintains a suite of policies that implement this Compliance Plan, including, but not limited to the following:

• Policies describing the obligations of plan Board members, employees, and contractors to maintain the confidentiality of protected health information (PHI) in accordance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and HIPAA Program operations;
• Policies describing the Alliance’s Program Integrity Program, including procedures in place to prevent, detect, investigate, and resolve fraud, waste, and abuse (FWA);
• Policies related to reporting, investigation, and resolution of non-compliance;
• Policies related to the oversight of delegated entities, including Subcontractors and Downstream Subcontractors, and the operations of the Delegate Oversight Program; and
• Policies regarding regulatory audits and the operations of the Internal Audit and Monitoring Program

A full listing of Compliance Department policies can be found in Appendix A.

In addition, the Compliance Plan includes a Code of Conduct, included in a separate document, which guides Alliance Board members, employees, and contractors in conducting their business activities in a professional, ethical, and legal manner. The Human Resources Department also reflects these expectations in its Employee Handbook. In addition to being made available to Alliance staff, this Compliance Plan and Code of Conduct are publicly posted on the Alliance’s Intranet.

STRUCTURE AND OVERSIGHT

Alliance Governing Board – The Alliance Governing Board (Board) is responsible for oversight of the Compliance Program. The Board receives and approves a verbal report from the Compliance Program no less frequently than annually and receives, at minimum, quarterly written reports on compliance activities. These reports include a review of activities of the Compliance Program, results of internal and external audits, and reporting of other compliance-related issues. To ensure that the Board is aware of the content and operation of the Alliance’s Compliance Program, the Board receives compliance training, including FWA prevention training, on appointment and annually thereafter. The Board is also responsible for review and approval of revisions to the Alliance’s Compliance Plan and Code of Conduct, which are made at minimum annually.

Chief Executive Officer – The Chief Executive Officer (CEO) oversees the Compliance Program and attends Compliance Committee. The Chief Compliance Officer (CCO) reports directly to the CEO.

Compliance Committee – The Compliance Committee is comprised of Director and Chief level representatives from each department and is chaired by the Compliance Director. The Compliance Committee directs the CCO and assists in the implementation of the Compliance Program. The Compliance Committee meets at least quarterly and reports to the Board. Additional responsibilities of the Compliance Committee include, but are not limited to:

• Reviewing information regarding new requirements or changes to existing requirements that are brought before it by the CCO, Compliance Department staff, or Government Relations Department staff, and determining necessary steps for implementation, operations, and compliance with requirements;
• Reviewing and approving an annual Compliance Risk Assessment developed by Compliance staff and overseeing the outcomes of auditing and monitoring activities identified in the Internal Audit and Monitoring Workplan;
• Reviewing monitoring and evaluation reports based upon ongoing review of existing policies and procedures and operations;
• Annually reviewing and, as necessary, updating the Code of Conduct and Compliance Plan;
• Ensuring that Compliance training and education are effective and appropriately completed;
• Reviewing areas of non-compliance and developing appropriate corrective and preventive action to prevent or mitigate compliance concerns, including oversight of CAPs imposed by regulators;
• Reviewing delegated entities, including the Alliance’s Subcontractors and Downstream Subcontractors, to ensure their performance on delegated functions meets contractual, legal, and regulatory obligations, and Alliance standards;
• Overseeing the Alliance’s Program Integrity activity to ensure that the organization deters, identifies, investigates and resolves potential and/or actual FWA, both internally and externally; and,
• Ensuring the Alliance implements appropriate safeguards, including administrative policies and procedures, to protect the confidentiality of PHI and ensure compliance with HIPAA requirements.

In addition to the Compliance Committee, the Alliance has other committees that oversee its contractual, legal, and regulatory obligations, including the following:

Quality Improvement and Health Equity Committee

The Quality Improvement and Health Equity Committee (QIHEC) monitors progress on the Quality Improvement work plan, oversees Utilization Management activities, and receives reports from the Pharmacy and Therapeutics Committee. In addition, the Committee oversees various plan activities including: care-based incentives, HEDIS results, analysis and suggested interventions, disease management and educational programs, cultural and linguistic initiatives, grievances and potential quality issues, emergency department utilization projects, and the annual review of Alliance’s preventive health guidelines. The QIHEC reports its activities to the Board on a regular basis.

Staff Grievance Review Committee

The Staff Grievance Review Committee (SGRC) monitors the timeliness and appropriateness of the research for and resolution to member complaints and provider disputes. In addition, the SGRC monitors the processing of all Grievance cases for statutory, regulatory and contractual compliance and to manage continuous quality improvement. SGRC reports its activities to the Interdisciplinary Clinical Quality Improvement Workgroup and Board on a regular basis.

Chief Compliance Officer – The CCO, under the guidance of the CEO, directs the Compliance Program in support of Alliance goals, provides executive leadership in developing, implementing, and monitoring the Alliance’s Compliance Program, and serves as the HIPAA Privacy Officer and Fraud Prevention Officer. The CCO maintains a direct reporting relationship to the Board, providing routine reports and updates to the Board on Compliance Program activities. The CCO is responsible for overseeing the implementation of the Compliance Program, including defining the program structure, educational requirements, reporting and complaint mechanisms, response and correction procedures, and compliance expectations of all staff and contractors.  In the event the CCO is unavailable, the Compliance Director serves as the backup Compliance Officer, Privacy Officer, and Fraud Prevention Officer. The CCO, in coordination with the Compliance Committee and staff, ensures the following activities are performed:

• Ensuring that updates from the Compliance Program are presented to the CEO and the Board on a periodic basis;
• Ensuring that the Alliance’s Compliance Programs, including the Delegate Oversight Program, HIPAA Program, Internal Audit and Monitoring Program, and Program Integrity Program adhere to relevant state and federal requirements, are responsive to the Alliance’s needs, and are effective in identifying and mitigating compliance risk;
• Ensuring processes and reporting mechanisms are in place that encourage staff to report noncompliance, suspected FWA, or other misconduct without fear of retaliation;
• Ensuring that effective compliance training is in place and that staff are aware of the Alliance’s Compliance Program, Code of Conduct, and all applicable statutory and regulatory requirements;
• Ensuring effective processes are in place to allow two-way communication between the Compliance Division and Alliance staff such that staff are aware of new and changing requirements and are knowledgeable about how to report noncompliance, suspected FWA, or other misconduct without fear of retaliation; and
• Ensuring corrective action plans (CAPs) are implemented when non-compliance is identified and that the CAPs effectively address the identified root cause.

Compliance Director – The Compliance Director, under the guidance of the CCO, executes and oversees the Compliance Program in support of Alliance goals, directs the Alliance’s Compliance function, and chairs the Compliance Committee. The Compliance Director is responsible for implementing Compliance Program, including ensuring that the Compliance Plan is implemented, maintaining reporting and complaint mechanisms, directing response and correction procedures, and recommending revisions to the Compliance Program to meet organizational need. The Compliance Director, in coordination with the Compliance Committee and staff, ensures the following activities are performed:

• Directing and overseeing the Alliance’s Compliance Programs, including the Delegate Oversight Program, HIPAA Program, Internal Audit and Monitoring Program, and Program Integrity Program to ensure alignment with the CCO’s stated objectives;
• Interacting with the operational units of the company and being involved in and aware of the daily business activities;
• Maintaining processes that encourage staff to report potential compliance concerns without fear of retaliation;
• Ensuring reports of potential instances of FWA, disclosures of PHI, and noncompliance are resolved, including overseeing internal investigations and developing corrective or disciplinary actions, if necessary;
• Maintaining documentation for each report of potential noncompliance or FWA received;
• In partnership with the Alliance’s Training & Development Department, developing training programs to ensure that staff are aware of the Alliance’s Compliance Program, Code of Conduct, and all applicable statutory and regulatory requirements;
• Maintaining the compliance reporting mechanism and initiating audits through the Internal Audit and Monitoring Program, operational departments, and the Program Integrity function, where applicable;
• Ensuring that the Alliance does not employ or contract with individuals excluded from participation in federal programs. This function has been delegated to the Alliance’s Human Resources Department, Provider Services Department, and Administrative Contracts Unit; and,
• Overseeing development and implementation of CAPs.

Compliance Manager – The Compliance Manager reports to the Compliance Director and is responsible for managing the day-to-day activities of the core Compliance Program functions, including the HIPAA Program, Internal Audit and Monitoring Program, Program Integrity Program, and Delegate Oversight Program.

Compliance Specialists – Compliance Specialists are responsible for conducting day-to-day operational work related to implementation of the Alliance’s HIPAA Program, Program Integrity Program, Delegate Oversight Program, and Internal Audit and Monitoring Program. Compliance Specialists are also responsible for managing regulatory audits, including pre-onsite and onsite document requests and logistics, and coordinating any required CAPs. Other duties may be assigned as appropriate.

Regulatory Affairs Manager– The Regulatory Affairs Manager reports to the Compliance Director and is responsible for managing the day-to-day activities of the Alliance’s regulatory affairs function, which includes analyzing and monitoring state and federal policy, legislation and regulations affecting the Alliance; maintaining systems and procedures to intake, assessing and implementing regulatory policies and legislative information; and ensuring the submission of timely and accurate program reporting to regulators.

Regulatory Affairs Specialists – Regulatory Affairs Specialists are responsible for conducting day-to-day operational work related to implementation of new requirements, policy development and maintenance, regulatory reporting, and regulatory filings. Other duties may be assigned as appropriate.

Government Relations Director – The Government Relations Director is the primary health plan contact with external regulatory and government agencies. The Government Relations Director monitors legislative, regulatory, and contractual requirements to identify new or changing, policies, standards, laws and regulations that may impact plan operations and ensures that these are brought to the relevant departments for review and implementation.

EDUCATION AND TRAINING

As part of their orientation and training, Alliance staff are informed of the Alliance’s commitment to compliance with contractual, regulatory and legal standards. New employees receive general compliance training and receive a copy of the Compliance Plan, Code of Conduct, and policies and procedures pertinent to that individual’s job responsibilities, where applicable.

General compliance trainings are conducted via the Alliance Learning Center (ALC), a web-based training module, for all employees upon initial hiring. The Learning & Development Unit ensures that all employees are trained on the Alliance’s Code of Conduct and Compliance Plan within 90 days of the date of hire and annually thereafter.

Staff are trained on the Alliance’s Code of Conduct and Compliance Plan, including but not limited to:

• Policies and procedures relevant to their job functions to ensure compliance with requirements;
• The Alliance’s Program Integrity function, including information regarding the False Claims Act and the Anti-kickback Statute;
• HIPAA compliance training, with emphasis on confidentiality of PHI;
• An overview of compliance issues and how to report potential non-compliance or FWA; and
• How to report suspected non-compliance with law or policy to Compliance Department staff.

To gauge the effectiveness of this training, staff are required to take a pre-test prior to the specific training module and a post-test after the completion of the training. The results of these tests indicate enhanced understanding of the Alliance’s Compliance Program through effective training. Staff must attain a passing score of 80% in the post-test to complete the training module.

Board members receive a copy of the Compliance Plan, Code of Conduct, and policies and procedures pertinent to their appointment as part of their orientation. In addition, Board members receive general compliance training, including FWA prevention training, as part of their orientation and on an annual basis thereafter.

Compliance staff also monitor reports on an ongoing basis to ensure the following required training is occurring:

• For Member Services staff, training must cover Alliance policies and procedures; contractually required services for all members; how to utilize services in the Medi-Cal program; how to access carved out services; how to obtain referrals to community resources; how to assist members with disabilities and chronic conditions; and diversity, equity and inclusion (DEI) training.
• For staff carrying out obligations under MOUs, training must cover how complaints can be raised and how to resolve disputes between the parties in the MOU.
• For Network Providers, training includes an overview of the Medi-Cal Managed Care program; covered services, policies and procedures for clinical protocols governing prior authorization and utilization management; how to refer to and coordinate care for carved out services; preventive healthcare services including Early Periodic Screening, Diagnosis and Testing (EPSDT); medical record and coding requirements; Population Health Management program requirements; member access, including appointment wait time standards, telephone access, translation and language access services; secure data sharing methods; member rights; DEI training; and advanced health care directives.

EFFECTIVE LINES OF COMMUNICATION

The Alliance has formal and routine mechanisms of communication available to staff, contractors, and members. The Alliance promotes communication through a variety of meetings and processes, including Board meetings, Compliance Committee meetings, Operations Committee, the Administrative Contract Review Process, the Policy intake process, all-staff assemblies, regular departmental meetings, internal committee meetings, and ad-hoc provider and member communications. Additionally, information is communicated to Board members, employees, contractors, and members by email distributions, internal and external websites, reports, newsletters, and handbooks.

Policies and procedures ensure that staff members understand and perform their responsibilities in compliance with their positions and applicable law. Staff members are responsible for complying with the policies and procedures relevant to job descriptions and contractors are responsible for complying with their contractual obligations.

The Alliance expects that all Board members, employees, and contractors report compliance issues including noncompliant, unethical and/or illegal behavior. All compliance issues regarding potential FWA or HIPAA concerns are required to be reported immediately to the Compliance Department for investigation by Compliance Department staff. Reports of non-compliance with standards are investigated by supervisors and/or Compliance Department staff and leadership, as appropriate, and are referred to the Compliance Committee as needed. The Compliance Committee reviews these reports and ensures corrective actions are implemented and monitored for effectiveness.

The Alliance encourages staff to discuss issues directly with their supervisor or manager, Compliance Department staff, the Human Resources Director, or the Chief Administrative Officer. Should staff not feel comfortable reporting concerns directly, they may do so anonymously through the Confidential Disclosure Hotline. Staff can be assured that they may report compliance issues or concerns without risk of retaliation. The Alliance has a zero-tolerance policy for retaliation or retribution against any employee who in good faith reports suspected misconduct.

The Alliance’s Confidential Disclosure Hotline is accessible 24 hours a day to report violations, or suspected violations of the law and/or the Compliance Program as well as concerns with Alliance personnel practices, such as allegations of discrimination, harassment or poor treatment. Additionally, staff may use the Alliance’s Confidential Disclosure website.

TOLL FREE CONFIDENTIAL DISCLOSURE HOTLINE

844-910-4228

CONFIDENTIAL DISCLOSURE WEBSITE

https://ccah.ethicspoint.com

Additional reporting information is located on the Compliance Intranet page. The Alliance takes all reports of violations, or suspected violations, seriously and is committed to investigating all reported concerns promptly and confidentially to the extent possible.

The Alliance also maintains a reporting mechanism on its public website that allows members, Network Providers, Subcontractors, or any other person or entity to submit reports of non-compliance, including anonymous reports if desired.

MONITORING AND AUDITING TO IDENTIFY COMPLIANCE RISK

The Alliance conducts monitoring and auditing activities to test and confirm the effectiveness of the Compliance Program, to ensure that plan operations align with contractual, legal, and regulatory requirements, and to identify the Alliance’s organizational risk areas. This includes the evaluation of delegated entities – Subcontractors and Downstream Subcontractors – for compliance with standards, in alignment with the Delegation Reporting and Compliance Plan.

To comply with regulatory and contractual requirements, the Alliance conducts routine internal auditing in identified risk areas and routinely monitors plan performance through the Alliance Dashboard. The Alliance is also subject to external audits by federal and state agencies in connection with the Medi-Cal Program and its IHSS line of business.

Annually, Compliance Department staff conducts a Compliance Risk Assessment and develops an Internal Audit and Monitoring Work Plan outlining identified risk areas selected for internal audit. The Compliance Manager oversees the Internal Audit and Monitoring Work Plan, ensuring that internal audits are conducted, deficiencies are identified, reports are developed, and corrective action is taken, as needed.

DISCIPLINARY STANDARDS

The Alliance does not condone any conduct that negatively affects the operation, mission, or image of the Alliance. The Alliance ensures that standards and policies and procedures are consistently enforced through disciplinary mechanisms. Any employee or contractor engaging in a violation of laws or regulations (depending on the magnitude of the violation) will be disciplined up to, and including, termination from employment or their contract.

In the event of discovery of such activity, the Alliance will implement prompt action to correct the problem and may institute appropriate disciplinary action given the facts and circumstances.

RESPONSE TO COMPLIANCE ISSUES

Upon verification of non-compliance of a particular standard or requirement, the Alliance will take appropriate action steps to correct and prevent repeat non-compliance. These steps may include disclosing the incident to applicable regulatory agencies, retraining staff, and amending Alliance policies and procedures in an effort to avoid future recurrence. Compliance staff will initiate and document oversight of corrective action to ensure the instance of noncompliance has been effectively mitigated. Matters may be brought to the Compliance Committee for discussion, and Compliance Committee maintains responsibility for ensuring that issues are corrected.

Revision History:

APPENDIX A – COMPLIANCE POLICIES AND PROCEDURES